New Law Could Mean Prison for Reporting Data Leaks Tripwire

pThe Turkish government is proposing a controversial new cybersecurity law that could make it a criminal act to report on data breaches ppThe new legislation proposes penalties for various cybersecurityrelated offences But they key one which has people concerned is thisppThose who carry out activities aimed at targeting institutions or individuals by creating the perception that there has been a data breach in cyberspace even though there has been no data breach shall be sentenced to imprisonment for a term of two to five yearsppThe problem is of course that such a law may discourage the reporting of any potential data leaks ppOpposition leaders in Turkey have criticised the legislation as a way to stifle journalism and free speech arguing that it could be used to target journalists or individuals who report on suspected data breaches or cybersecurity vulnerabilities even if their reporting is accurate ppIts easy to see how journalists concerned that they could face a jail term if their reporting is flawed or if the authorities simply deny a breach has occurred could choose not to report on the topic at all ppThe new legislation has been proposed in Turkey amid a background of journalists being intimidated in the country ppTurkish journalist İbrahim Haskoloğlu announced he was leaving the country last month following what he described as mounting death threats In April 2022 Haskoloğlu reported on how hackers had stolen sensitive personal information from government websites including the ID cards of President Erdoğan and the head of Turkeys national intelligence agency Hakan Fidan ppIn the wake of his report Haskoloğlu was arrested and prosecutors sought a 12 year prison sentence alleging he had illegally obtained and spread personal information ppSome suspect that the new legislation is being introduced as a response to Haskoloğlus findings ppOne thing is clear It is not going to improve the state of cybersecurity if those who attempt to raise concerns are silenced by accusations that they are creating unnecessary panic or damaging the reputations of institutions ppThere has been a long history around the world of whistleblowers and cybersecurity researchers raising concerns about data security and defences improving as a direct result The people of Turkey will be poorlyserved if their government discourages reporting of vulnerabilities and security failures just to save its face ppIt is a sorry state of affairs if more attention is given to punishing those who report on poor security hacks and breaches rather than the cybercriminals who commit the crimes themselvesppEditors Note The opinions expressed in this and other guest author articles are solely those of the contributor and do not necessarily reflect those of Tripwirep